Hipaa Compliance

HIPAA Compliance

If you are in the healthcare industry, you have probably heard some rumblings about the Health Insurance Portability and Accountability Act of 1996, coolly referred to as HIPAA. The word is your medical practice will have to be HIPAA compliant by April 2003, but you're not exactly sure what this act mandates or how to accomplish it. In very basic terms, HIPAA has two primary components to which hospitals, health plans, healthcare "clearinghouses," and healthcare providers must conform: 1) Administrative simplification, which calls for use of the same computer language industry-wide; 2) Privacy protection, which requires healthcare providers to take reasonable measures to protect patients' written, oral, and electronic information. Congress passed HIPAA in an effort "to protect the privacy and security of individually identifiable health information. "1 Additionally, lawmakers "sought to reduce the administrative costs and burden associated with healthcare by standardizing data and facilitating transmission of many administrative and financial transactions." 1 HIPAA consultants say the new regulations should save the healthcare industry money in the long run, provide improved security of patient information, and allow patients to have better access to their own healthcare information.

While the HIPAA regulations call for the medical industry to reexamine how it protects patient information, the standards put in place by HIPAA do not provide any cookie-cutter answers, says Leah Hole-Curry, HIPAA legal counsel for FOX Systems, a HIPAA consulting firm. "HIPAA doesn't necessarily prescribe the solutions, but it does require physicians to look at all of the ways that they use and access data today and determine whether that's reasonable or not." to help you begin your HIPAA compliance process, following are some practical ideas for rethinking how you maintain and use patient information in your office. Appoint one or two staff members (depending on the size of your office) to review the HIPAA act, determine the changes your practice needs to make, and decide if you'll need outside help. To keep this project manageable, do not wait until the last minute. Remember: most of the healthcare industry will have to be HIPAA compliant by April 14, 2003. Furthermore, compliance is not optional. Those found in violation of the act will be penalized: "Civil penalties range up to $25,000 per violation of each standard. Criminal penalties range up to $250,000 in fines and/or up to 10 years in prison."3

An important part of HIPAA is the minimum use standard, which mandates that healthcare providers use and disclose patient information in ways that are minimally necessary to accomplish the task. For example, a billing clerk does not need access to a patient's entire medical history to bill for a service rendered, says Hole-Curry. Therefore, you may want to divide patient files into sections, having an office policy that clearly states who may access each section. Consider converting to pocket-style classification folders, which have two envelope-like pockets where classified information could be stored. General information could be attached

...